Description
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function.
Recommendation
Update the devcert package to the latest compatible version. Version details:
- Affected version(s): <= 1.1.1
- Patched version(s): 1.1.2
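As defense in depth alongside the upgrade, callers that take the name from untrusted input can reject anything that is not a plain DNS hostname before it reaches certificateFor. The following is an added example, not code from devcert or from this advisory; `validateHostname` and `certificateForUntrusted` are hypothetical helpers, and it assumes the argument is meant to be a DNS hostname.

```javascript
// Hypothetical helpers (not part of devcert): allow-list check for names that
// will be handed to certificateFor(). Assumes the argument is a DNS hostname.
// One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

function validateHostname(input) {
  if (typeof input !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  // Normalise case only; never strip or "clean" bad characters, reject instead.
  const name = input.toLowerCase();
  if (name.length === 0 || name.length > 253) {
    return { ok: false, reason: 'bad length' };
  }
  for (const label of name.split('.')) {
    if (!LABEL.test(label)) {
      return { ok: false, reason: `invalid label: ${JSON.stringify(label)}` };
    }
  }
  return { ok: true, name };
}

// Wrapper showing where the check sits. `issue` stands in for
// devcert.certificateFor so the example runs without the package installed.
function certificateForUntrusted(input, issue) {
  const result = validateHostname(input);
  if (!result.ok) {
    throw new TypeError(`refusing certificate request: ${result.reason}`);
  }
  // Pass on the validated, normalised value, not the raw input.
  return issue(result.name);
}

// Constructed sample inputs: the first two are ordinary development
// hostnames, the rest contain shell metacharacters or malformed labels.
const samples = ['my-app.test', 'API.Local.Dev', 'a.test; id', '$(id).test',
  'a`id`.test', 'a b.test', '-lead.test', 'x..test', ''];

function rejectedSamples() {
  return samples.filter((s) => !validateHostname(s).ok);
}
```

In real use, pass `devcert.certificateFor` as `issue`; the check does not replace updating to the patched version.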
References
Related Issues
- Command Injection in hot-formula-parser - CVE-2020-6836
- Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
- karma-mojo enables OS Command Injection - CVE-2020-7626
- systeminformation command injection vulnerability - CVE-2020-7752
Tags
- npm
- devcert
Last updated on February 01, 2023